Management apparatus, image forming apparatus management system for managing usage of the image forming apparatus

ABSTRACT

A management apparatus connected to an image forming apparatus for managing usage of the image forming apparatus is disclosed. The management apparatus includes a user data storage part for storing user identification data and use restriction data corresponding to the user identification data, and a use restriction data acquiring part for acquiring the use restriction data corresponding to the user identification data.

CROSS REFERENCE TO RELATED APPLICATIONS

The present application is a continuation of, and claims the benefit ofpriority under 35 U.S.C. §120, from U.S. application Ser. No.13/673,577, filed Nov. 9, 2012, which is a continuation of U.S.application Ser. No. 11/677,772, filed Feb. 22, 2007, now U.S. Pat. No.8,334,994, issued Dec. 18, 2012, and claims the benefit of priorityunder 35 U.S.C. §119, from Japanese Patent Application No. 2006-056404,filed Mar. 2, 2006, the entire contents of all of which are incorporatedherein by reference.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to a management apparatus and an imageforming apparatus management system for managing processes executed byan image forming apparatus such as a multifunction machine.

2. Description of the Related Art

In recent years and continuing, there are many cases where an imageforming apparatus (e.g. a multifunction machine having a facsimilefunction, a scanner function, and a copier function) is connected toplural computer terminals via a network and shared within a certainorganization (e.g. office, company). In this environment, it isnecessary to maintain confidentiality of the image data handled insidethe network. Furthermore, it is desired to further improve efficiency ofthe image forming apparatus since the image forming apparatus is sharedby plural users.

For example, in a network scanner apparatus disclosed in JapaneseLaid-Open Patent Application No. 2004-222141, there is provided anaddress data storing part to which address data are stored (incorrespondence with each address to which data are to be delivered viathe network including at least user name, password, delivery data, andother addresses that may be used by the user of a corresponding address.Accordingly, user authentication is performed with the address datastoring part based on a combination of the user name and the password inthe address data storing part. Thus, use of the network scannerapparatus can only be allowed for a user who has succeeded at the userauthentication.

However, with the network scanner apparatus disclosed in JapaneseLaid-Open Patent Application No. 2004-222141, since image data read outfrom a document are transferred from the network scanner apparatus to apredetermined address, there is a possibility that the transferred imagedata be viewed by an unintended person in a case where a terminalcorresponding to the predetermined address is shared by plural users.

Furthermore, the network scanner apparatus disclosed in JapaneseLaid-Open Patent Application No. 2004-222141 allows use by all usersauthenticated in the user authentication. Since recent image formingapparatuses are provided not only with a scanner function but also withvarious other functions such as a facsimile function and a printingfunction, there is a possibility that the functions of the image formingapparatus will be used for unintended purposes in a case where the useris allowed to freely use the image forming apparatus.

SUMMARY OF THE INVENTION

The present invention may provide a management apparatus and an imageforming apparatus management system that substantially obviates one ormore of the problems caused by the limitations and disadvantages of therelated art.

Features and advantages of the present invention are set forth in thedescription which follows, and in part will become apparent from thedescription and the accompanying drawings, or may be learned by practiceof the invention according to the teachings provided in the description.Objects as well as other features and advantages of the presentinvention will be realized and attained by a management apparatus and animage forming apparatus management system particularly pointed out inthe specification in such full, clear, concise, and exact terms as toenable a person having ordinary skill in the art to practice theinvention.

To achieve these and other advantages and in accordance with the purposeof the invention, as embodied and broadly described herein, anembodiment of the present invention provides a management apparatusconnected to an image forming apparatus for managing usage of the imageforming apparatus, the management apparatus including: a user datastorage part for storing user identification data and use restrictiondata corresponding to the user identification data; and a userestriction data acquiring part for acquiring the use restriction datacorresponding to the user identification data.

Another embodiment of the present invention provides an image formingapparatus management system including: an image forming apparatus; and amanagement apparatus for managing usage of the image forming apparatus;wherein the management apparatus includes a user data storage part forstoring user identification data and use restriction data correspondingto the user identification data, a use restriction data acquiring partfor acquiring the use restriction data corresponding to the useridentification data, and a first communication part for communicatingwith the image forming apparatus, wherein the image forming apparatusincludes a user identification data obtaining part for obtaining theuser identification data, and a second communication part forcommunicating with the management apparatus.

Another embodiment of the present invention provides an image formingapparatus management system including: an image forming apparatus; anoperation terminal connected to the image forming apparatus; and amanagement apparatus for managing usage of the image forming apparatus;wherein the management apparatus includes a user data storage part forstoring user identification data and use restriction data correspondingto the user identification data, a use restriction data acquiring partfor acquiring the use restriction data corresponding to the useridentification data, and a first communication part for communicatingwith the operation terminal, wherein the image forming apparatusincludes a user identification data obtaining part for obtaining theuser identification data and a second communication part forcommunicating with the management apparatus.

Another embodiment of the present invention provides an image formingapparatus management system including: an image forming apparatus; acontrol terminal connected to the image forming apparatus forcontrolling the image forming apparatus; a management apparatus formanaging usage of the image forming apparatus; and a print processapparatus for processing print commands to be executed by the imageforming apparatus; wherein the management apparatus includes a user datastorage part for storing user identification data and use restrictiondata corresponding to the user identification data, a use restrictiondata acquiring part for acquiring the use restriction data correspondingto the user identification data, and a first communication part forcommunicating with the control terminal and the print process apparatus,wherein the control terminal includes a user identification dataobtaining part for obtaining the user identification data, a printprocess instructing part for instructing execution of a printing processby the print process apparatus, and a second communication part forcommunicating with the management apparatus and the print processapparatus; wherein the print process apparatus includes a print processcontrolling part for controlling execution of the print commands, aprint command storage part for storing the print commands, and a thirdcommunication part for communicating with the image forming apparatus,the control terminal and the management apparatus.

Other objects and further features of the present invention will beapparent from the following detailed description when read inconjunction with the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic diagram showing an image forming apparatusmanagement system according to a first embodiment of the presentinvention;

FIG. 2 is a block diagram for describing functions of a image formingapparatus according to the first embodiment of the present invention;

FIG. 3 is a block diagram for describing functions of a managementserver according to a first embodiment of the present invention;

FIG. 4 is a block diagram for describing the functions of a print serveraccording to the first embodiment of the present invention;

FIG. 5 is a flowchart showing a user authentication process of an imageforming apparatus management system according to an embodiment of thepresent invention;

FIG. 6 is a flowchart for describing an operation of the personal menuprocess of an image processing apparatus according to the firstembodiment of the present invention;

FIGS. 7A and 7B are schematic diagrams for describing the statuses of anoperation part in a case where a personal menu is selected by the useraccording to an embodiment of the present invention;

FIG. 8 is a schematic diagram showing an image forming apparatusmanagement system according to a second embodiment of the presentinvention;

FIG. 9 is a schematic diagram for describing configurations of an imageforming apparatus, a control terminal, and an IC card reader accordingto an embodiment of the present invention;

FIG. 10 is a schematic diagram showing an image forming apparatusmanagement system according to a third embodiment of the presentinvention;

FIG. 11 is a schematic diagram for describing the configurations of alaser printer, a control terminal, a setting terminal, and an IC cardreader according to an embodiment of the present invention;

FIGS. 12A-12M are schematic diagrams for describing a display methodexecuted by a display part in a case of displaying the status of theimage forming apparatus management system according to an embodiment ofthe present invention; and

FIGS. 13A-13D are schematic diagrams for describing a display methodexecuted by a display part for displaying the status of a second printserver in a case where plural printer servers are connected.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

In the following, embodiments of the present invention are describedwith reference to the accompanying drawings.

Embodiment 1

FIG. 1 is a schematic diagram showing an image forming apparatusmanagement system 10 according to the first embodiment of the presentinvention. The image forming apparatus management system 10 has amanagement server 11, an Active Directory server (hereinafter referredto as “AD server”) 13, a user terminal 15, a print server 16, and animage forming apparatus 17 (including multifunction peripheral) whichare connected by a network.

In the image forming apparatus management system 10, user identificationdata obtained from the image forming apparatus 17 is transmitted to themanagement server 11. Based on the user identification data, themanagement server 11 obtains data indicating access restrictionsregarding the use of the image forming apparatus 17 (access restrictiondata) in correspondence with each user. The management server 11transmits the obtained access restriction data to the image formingapparatus 17. The image forming apparatus 17 controls use of the imageforming apparatus 17 by each user according to the access restrictiondata.

The management server 11 is a management apparatus managing user dataand having control over the image forming apparatus 17. The managementserver 11 is described in further detail below. The AD server 13 storesuser ID data for identifying the user of the image forming apparatus 17.The user ID data stored in the AD server 13 may be registeredbeforehand, for example, by a manager of the image forming apparatusmanagement system 10 or a user using the user terminal 15.

In a user authentication process by the management server 11 forallowing the user to use the image forming apparatus 17, the managementserver 11 may select whether to perform the user authentication processaccording to the user ID data stored in the AD server 13.

The user terminal 15 is used, for example, for selecting a document tobe printed by the image forming apparatus 17 and instructing the imageforming apparatus 17 to perform printing. The user terminal 15 may be,for example, a computer having a CPU and a memory. The user terminal 15may also be used for changing various settings and conditions of themanagement server 11. The print server 16 is a print process apparatusthat temporarily stores printing jobs (i.e. print commands to beexecuted by the image forming apparatus 17) transmitted from the userterminal 15. The print server 16 is described in further detail below.

The image forming apparatus 17 is a multifunction machine (MFP, MultiFunction Peripheral) having, for example, a facsimile function, ascanner function, a copying function, and a printing function. In thisexample, the image forming apparatus 17 includes an IC card reader. TheIC card reader obtains IC card identification data which includesinherent IC card data (data inherent to the IC card).

Next, the image forming apparatus 17, the management server 11, and theprint server 16 are described with reference to FIGS. 2-4.

FIG. 2 is a block diagram for describing functions of the image formingapparatus 17 according to an embodiment of the present invention. Theimage forming apparatus includes a control part 171, an operation part172, a storage part 173, an IC card reader 174, a data format conversionpart 175, a communication part 176, a process history storage part 177,an individual data storage part 178, and a password generation part 179.

The control part 171 performs the processes for executing theabove-described functions including, for example, the facsimilefunction, the scanner function, the copying function, and the printingfunction and controls the processes. The operation part 172 is foroperating the image forming apparatus 17. The operation part 172 may be,for example, a ten-key or a control panel. It is preferable to provide adisplay part to the operation part 172 for enabling the user to view,for example, the status of the image forming apparatus 17 or a listindicating processes that can be executed by the image forming apparatus17.

The storage part stores, for example, settings (set parameters) of theimage forming apparatus 17, image data read out by the image formingapparatus, and electronic document data. The IC card reader 174 obtainsIC card identification data inherent in the IC card of the user.Although the IC card reader 174 of this embodiment of the presentinvention is a contactless type card reader which can obtain IC carddata without contacting an IC card, the IC card reader 174 may also be acontact type card reader which obtains IC card data by contacting an ICcard. Furthermore, although the IC card reader 174 of this embodiment ofthe present invention is provided inside the image forming apparatus 17,the IC card reader 174 may be connected to the outside of the imageforming apparatus 17 with a suitable connecting method.

The data format conversion part 175 controls the conversion of formatsof IC card identification data obtained by the IC card reader 174. TheIC card used in this embodiment of the present invention is a FeliCacard (Felicity Card), the IC card identification data obtained from theIC card reader 174 are data obtained in a format corresponding toFeliCa, and the IC card data used in executing the processes of theimage forming apparatus 17 are data having a format of the FeliCa card.

In a case where the IC card being used is not a FeliCa card, it islikely that the format of the IC card identification data of the IC cardis different from the IC card identification data of the FeliCa card.

In this case, the data format conversion part 175 may perform a plug-inprocess so that the format of the IC card identification data obtainedfrom the IC card can be changed to the same format as the IC cardidentification data of the FeliCa card.

The communication part 176 is for communicating with, for example, themanagement apparatus 11 and the user terminal 15. The process historystorage part 177 is for storing the history of the processes executed bythe image forming apparatus 17. The history stored in the processhistory storage part 177 is stored in correspondence with useridentification data and the type of process. Thereby, the history of anexecuted process can be searched for by referring to user identificationdata and/or the type of process. The search results may be displayed,for example, in a display part provided in the operation part 172 forallowing the user to view the search results.

Furthermore, the process history storage part 177 may also store dataindicating, for example, the history of the execution of the printingfunction, the user ID of the user using the image forming apparatus 17,the name assigned to the image forming apparatus 17, the time ofinitiating a desired process, the time of completing a desired process,the electronic document processed by the image forming apparatus 17,and/or the number of pages of the image data.

The data of the process history stored in the process history storagepart 177 are periodically uploaded to the management server 11 via thecommunication part 176 and stored also in the management server 11.

The individual data storage part 178 stores individual data incorrespondence with each user. The individual data include, for example,setting data for the image forming apparatus 17 in correspondence witheach user, address book data, image data and electronic document dataprocessed or to be processed by the image forming apparatus 17.Furthermore, the individual data correspond to user identification data.In a case where “personal menu” (described below) is selected, the imageforming apparatus 17 reads out corresponding individual data. In thiscase where personal menu is selected and corresponding individual dataare read out, the control part 171 executes a process(es) of the imageforming apparatus 17 in accordance with the individual data.

The password generation part 179 generates a password(s) based on theuser identification data by using a predetermined algorithm.

In the image forming apparatus 17, the applications used for executingthe above-described functions of the data format conversion part 175,the process history storage part 177, the individual data storage part178, and the password generation part 179 may be loaded into the imageforming apparatus 17 by mounting a detachable recording medium onto theimage forming apparatus 17. In this case, it is preferable to provide arecording medium reading part to the image forming apparatus 17 forreading data from the recording medium. Accordingly, the above-describedfunctions can be executed by reading corresponding applications from therecording medium. Furthermore, the recording medium may be, for example,a SD (Secure Digital) memory card.

FIG. 3 is a block diagram for describing functions of the managementserver 11 according to an embodiment of the present invention. Themanagement server 11 includes a user data storage part 120, a controlpart 111, a use restriction data acquiring part 112, a display part 113,and a communication part 114.

The user data storage part 120 contains IC card identification data 121,user ID data 122, and use restriction data 123. The IC cardidentification data 121 are data obtained from an IC card(s) beforehandby the IC card reader 174. The user ID data 122 are data stored incorrespondence with the IC card identification data 121 for enabling thecontrol part 111 to extract target user ID data from the user ID data122 by referring to corresponding IC card identification data 121. Theuser identification data according to this embodiment of the presentinvention refers to a combination of data including IC cardidentification data 121 and corresponding user ID data 122.

The use restriction data 123 indicates, for example, functions,settings, and conditions of the image forming apparatus 17 when the useruses the image forming apparatus 17. The use restriction data 123 arestored in correspondence to the user ID data 122. The above-describeddata stored in the user data storage part 120 are registered (input)beforehand by, for example, a manager of the image forming apparatusmanagement system 10 or a user.

The control part 111 controls the processes executed in the managementserver 11. The use restriction data acquiring part 112 is for acquiringuse restriction data 123 stored in the user data storage part 120. Thedisplay part 113 is for displaying data regarding the status of theimage forming apparatus management system 10 (e.g., status of themanagement server 11 itself, status of components and apparatusesconnected to the management server 11). The display part 113 may be, forexample, a liquid crystal panel provided in the management server 11 ora liquid crystal display connected to an external part of the managementserver 11 via a suitable connecting component. The communication part114 is for communicating with, for example, the print server 16 and theimage forming apparatus 17.

FIG. 4 is a block diagram for describing the functions of the printserver 16 according to an embodiment of the present invention. The printserver 16 includes, for example, a print instruction storage part 161, aprint control part 162, and a communication part 163. The printinstruction storage part 161 is for temporarily storing print jobs(print commands) transmitted from the user terminal 15. When a printingrequest (print instruction) is given from the user terminal 15 or theimage forming apparatus 17, the print control part 162 instructs that aprint job(s) stored in the print command storage part 161 be transmittedto the image forming apparatus 17. Accordingly, the image formingapparatus 17 executes the print job(s). The communication part 163 isfor establishing communications between the management server 11 and theimage forming apparatus 17.

For example, in a case where plural image forming apparatuses 17 areconnected to the image forming apparatus management system 10, the printserver 16 according to an embodiment of the present invention allows animage forming apparatus to be selected as the destination for receivinga print job(s) stored in the print command storage part 161. Forexample, in a case where one of the plural image forming apparatuses 17is in the middle of executing another process, the print control part162 avoids selecting the executing image forming apparatus 17 as theprint job destination and alternatively selects another image formingapparatus 17. Thereby, print jobs can be speedily executed by the imageforming apparatuses 17.

In this example, a maximum of four print servers 16 can be connected toa single image forming apparatus 17. By connecting plural print servers16 to one image forming apparatus 17, more print jobs can be stored inthe print servers 16. Furthermore, since the print server 16 is able toselect an available image forming apparatus 17 and allow the selectedimage forming apparatus 17 to promptly execute a print job, the storedprint jobs can be speedily executed without increasing the workload ofthe image forming apparatuses 17. Furthermore, in a case where one ofthe print servers 16 is disabled (failure), repair, maintenance, orinspection can be performed on the disabled print server 16 withouthaving to shut down the entire image forming apparatus management system10 by operating the other remaining printer servers 16.

Next, a user authentication process of the image forming apparatusmanagement system 10 is described with reference to FIG. 5. FIG. 5 is aflowchart showing a user authentication process of the image formingapparatus management system 10 according to an embodiment of the presentinvention.

The image forming apparatus 17 obtains IC card identification data withthe IC card reader 174 and transmits the obtained IC card identificationdata to the management server 11 with the communication part 176. In themanagement server 11, when the communication part 114 receives the ICcard identification data from the image forming apparatus 17, thecontrol part 111 searches through IC card identification data stored inthe user data storage part 120 based on the received IC cardidentification data, to thereby determine whether IC card identificationdata corresponding to the received IC card identification data arestored in the user data storage part 120 (Step S51).

In a case where IC card identification data 121 corresponding to thereceived IC card identification data are stored in the user data storagepart 120, the control part 111 extracts a user ID corresponding to theID card identification data from the user ID data 122 stored in the userdata storage part 120. Then, the control part 111 determines whether themanagement server 11 is set to execute a user authentication process byusing the AD server 13 (Step S52).

In a case where the management server 11 is set to execute the userauthentication process by using the AD server 13 (Yes in Step S52), thecontrol part 111 accesses the AD server 13 and determines whether theextracted user ID exists in the user ID data stored in the AD server 13(Step S53).

In a case where there is a corresponding user ID in the AD server 13(Yes in Step S53), the control part 111 authenticates the user of theuser ID (log-in success, Step S54). In a case where the managementserver 11 is not set to execute the user authentication process by usingthe AD server 13 (No in Step S52), the control part 111 determines thatthe user is authenticated at the time when corresponding user data arefound in the user data storage part 120.

In a case where the determination process (determining whether acorresponding user ID exists in the AD server 13) of Step S53 fails(error), the control part 111 determines whether to allow the user ofthe user ID to use the image forming apparatus 17 by referring to theuse restriction data 123 corresponding to the user ID (Step S55). In acase where the user ID corresponds to an authorized user, the controlpart 111 determines that the user is authenticated (log-in success). Ina case where the user ID corresponds to an unauthorized user, thecontrol part 111 determines that the log-in operation has failed andends the user authentication process (Step S56).

In a case where the user is authenticated in the user authenticationprocess in Step S54, the control part 111 instructs the use restrictiondata acquiring part 112 to acquire use restriction data corresponding tothe authenticated user from the use restriction data 123 stored in theuser data storage part 120. Then, the control part 111 instructs thecommunication part 114 to transmit the acquired use restriction data tothe image forming apparatus 17.

In the image forming apparatus 17, the control part 171 controlsprocesses of the image forming apparatus 17 in accordance with the userestriction data received from the management server 11, so that theauthenticated user can only use functions allowed to be used by theuser.

Next, a personal menu process executed by the image forming apparatus 17is described with reference to FIGS. 6, 7A and 7B. The “personal menu”according to an embodiment of the present invention refers to functionswhich can be used only by users having their user ID and passwordregistered beforehand in the image forming apparatus 17. The functionsthat can be executed with the “personal menu” include, for example,accessing and browsing data (e.g. image data, electronic document data)stored in the image forming apparatus 17 in correspondence with eachuser, using an address book corresponding to each user, and browsingmail documents corresponding to each user. Furthermore, in a case wherethe personal menu is selected by the user, the display of the displaypart of the operation part 172 or the settings of the image formingapparatus 17, for example, can be customized in correspondence with eachuser. In this example, “personal menu process” refers to a process thatis executed by the image forming apparatus 17 when the personal menu isselected.

FIG. 6 is a flowchart for describing an operation of the personal menuprocess of the image processing apparatus 17 according to an embodimentof the present invention. FIGS. 7A and 7B are schematic diagrams fordescribing the statuses of the operation part 172 in a case where thepersonal menu is selected by the user. More specifically, FIG. 7A showsa status of the operation part 172 before logging in to the personalmenu. FIG. 7B shows a status of the operation part 172 after logging into the personal menu.

The user authentication process (described above with FIG. 5) of theimage forming apparatus 17 is initiated by having the user place his/herIC card onto or in the proximity of the IC card reader 174 (Step S61).Until the user is authenticated, the image forming apparatus 17 keepsthe operation part 172 in a state which cannot be operated by the user(this state is hereinafter referred to as “hard key lock state”).

When the user authentication process of Step S61 is completed and theuser is determined as a user authorized to use the image formingapparatus 17, the control part 171 releases (unlocks) the hard key lockstate (Step S62). Then, the control part 171, in accordance with the userestriction data obtained from the management server 11, alters thestatus of the image forming apparatus 17 to a status allowing executionof predetermined functions allowed to be executed by the user (StepS63).

In a case where execution of the “personal menu” is selected by the user(Step S64), the control part 171 instructs a display part of theoperation part 172 to display that the “personal menu” has been selectedas shown in FIG. 7A (Step S65). It is to be noted that the “it function”shown in FIGS. 6 and 7A is a generic term indicating a function of theimage forming apparatus for directly transmitting and receiving data viaa network. Accordingly, the function(s) that can be executed by thepersonal menu process is included in the “it function” according to anembodiment of the present invention.

Then, the control part 171 initiates a process of logging in to theselected personal menu (Step S66). The image forming apparatus 17 has apassword generation part 179 (see FIG. 2) that generates a passwordbased on the user ID extracted from the IC card identification data inStep S61. Accordingly, at this stage, a user ID registered beforehand bythe user and a password generated by the password generation part 179 incorrespondence with the registered user ID are stored beforehand in theimage forming apparatus 17.

Then, the control part 171 determines whether the user ID obtained inStep S61 and the password generated in correspondence with the obtaineduser ID match the user ID and password stored beforehand in the imageforming apparatus 17 (Step S67).

In a case where there is no matching user ID stored in the image formingapparatus 17 according to the determination of Step S67, the controlpart 171 determines that the user of the user ID is a new user who isnot yet registered to the image forming apparatus 17. Accordingly, thecontrol part 171 instructs the operation part 172 to display a userregistration screen, to thereby proceed to a user registration process(Step S68).

In a case where the password is incorrect in Step S67, the control part171 locks the hard keys of the operation part 172 except for theon-demand key (Step S69). In this example, the “on-demand key” is a keyprovided in the operation part 172 for instructing that a print jobalready stored in the image forming apparatus 17 be executed.

A case where the password is determined to be incorrect by the imageforming apparatus 17 may occur, for example, in a case where thepassword generated by the password generation part 179, which is apassword initially set for logging in to the personal menu, has beenchanged to an original password of the user by the user. In this case,the control part 171 instructs the operation part 172 to display ascreen (e.g. touch panel) enabling input of a password and indicate onthe screen that the changed password is to be input (Step S70). When acorrect password is input by the user in Step S70, the control part 171releases the hard key lock state in accordance with the user restrictiondata (Step S71). Then, the operation returns to the step of determiningwhether the user ID obtained in Step S61 and the password input in StepS71 match the user ID and the changed password stored beforehand in theimage forming apparatus 17.

In a case where, for some reason, an error occurs in the log-in processof Step S67, the control part 171 instructs the operation part 172 todelete the selected “personal menu” displayed in Step S65 (Step S72).Then, the control part 171 instructs the operation part 172 to displaythat an error has occurred in the process of logging in to the personalmenu (error message) (Step S73).

Then, in a state where the user is not logged in to the personal menu,the control part 171 controls the image forming apparatus in accordancewith use restriction data so that the user may execute functions allowedto be executed by the user.

In a case where the user ID and password stored in the image formingapparatus 17 match the user ID obtained in Step S61 and the passwordgenerated from the obtained user ID, the control part 171 determinesthat the log-in process is a success. Accordingly, the control part 171obtains personal data corresponding to the user ID from the personaldata storage part 178. Then, the control part 171 controls the imageforming apparatus (e.g. restriction of setting conditions regarding useof the image forming apparatus 17) based on the obtained personal data(Step S74).

Then, the control part 171 sets the operation keys of the operation part172 to a mode allowing the user to operate on the operation keys to beused when the personal menu is selected (Step S75). Then, the controlpart 171 instructs the operation part 172 to delete the selected“personal menu” displayed in Step S65 (Step S76). Then, the control part171 instructs the operation part 171 to display a message indicatingthat the data of the password generated by the password generation part179 can be browsed by the user (Step S77). Once the message isdisplayed, the log-in process of the image forming apparatus 17 isfinished. Then, the operation part 171 displays a personal menu incorrespondence with each user as shown in FIG. 7B.

In a case where the personal menu is not selected (No in Step S64), thecontrol part 171 controls the image forming apparatus 17 based on theuse restriction data obtained from the management server 11 in Step S61(Step S78). Accordingly, the user can use the image forming apparatus 17within the limits of the controls set in the image forming apparatus 17.

It is to be noted that the browsable data of the password indicated bythe operation part 172 in Step S77 includes, for example, data regardingthe initial password generated by the password generation part 179 anddata required in changing the initial password to an original passwordof the user. In an embodiment of the present invention, the screendisplayed by the operation part 172 in Step S77 may change to a screenfor changing the password or to a screen displaying the initial passwordto the user in a case where the password is already changed by the user.Furthermore, in a case of displaying the password to the user, thepassword displayed on the screen by the operation part 172 may beautomatically erased after a predetermined time has elapsed after thestart of displaying the password.

Hence, with the above-described image forming apparatus managementsystem including the management server 11 according to the firstembodiment of the present invention, security in managing user datastored inside an image forming apparatus can be strengthened andconfidentiality of data can be ensured since the functions of the imageforming apparatus(es) 17 are controlled based on user identificationdata managed in the management server 11.

Since the functions of the image forming apparatus 17 are controlled incorrespondence with each user, the image forming apparatus 17 does notneed to execute unnecessary processes for the user. Accordingly, theimage forming apparatus 17 can be used efficiently. Since the user IDcan be obtained by a contactless IC card, operability can be improvedsince the user does not need to input the user ID each time of loggingin. Furthermore, since the image forming apparatus 17 includes apassword generation part that generates passwords from the user ID, theimage forming apparatus 17 does not need to have passwords storedtherein. Therefore, leakage (disclosure) of passwords can be preventedeven in a case where leakage of data including user identification dataoccurs.

The above-described system and apparatus according to the firstembodiment of the present invention can be applied even in a case wherethe format of IC card identification data is changed due to a change inthe type of IC card.

Furthermore, with the above-described system and apparatus according tothe first embodiment of the present invention, the processes executed bythe image forming apparatus 17 can be easily understood since theprocesses are stored by categorizing the processes in correspondencewith each user's identification data and/or the type of process.

Furthermore, with the above-described system and apparatus according tothe first embodiment of the present invention, the operation of theentire system and the status of each connected apparatus can be easilyunderstood since the user can browse the status of the entire imageforming apparatus management system.

Second Embodiment

Next, an image forming apparatus management system according to a secondembodiment of the present invention is described with reference to FIG.8. FIG. 8 is a schematic diagram showing an image forming apparatusmanagement system 20 according to the second embodiment of the presentinvention. In the image forming apparatus management system 20 of thesecond embodiment shown in FIG. 8, like components are denoted with likenumerals as of the image forming apparatus management system of thefirst embodiment shown in FIG. 1 and are not further explained.

The image forming apparatus management system 20 according to a secondembodiment of the present invention includes an image forming apparatus17 a, an operation terminal 21 for operating the image forming apparatus17 a, and an IC card reader 174 a connected to an outer part of theoperation terminal 21. In this example, the image forming apparatus 17a, the operation terminal 21, and the IC card reader 174 a serve ascorresponding parts (components) of the above-described image formingapparatus 17 according to the first embodiment of the present invention.FIG. 9 is a schematic diagram for describing configurations of the imageforming apparatus 17 a, the operation terminal 21, and the IC cardreader 174 a according to an embodiment of the present invention.

The image forming apparatus 17 a and the IC card reader 174 a areconnected to an operation terminal 21. The operation terminal 21 isconnected to a network included in the image forming apparatusmanagement system 20. The image forming apparatus 17 a according to anembodiment of the present invention is serially connected to theoperation terminal 21 with, for example, RS 232C. The IC card reader 174a is connected to the operation terminal 21 with, for example, USB.

As shown in FIG. 9, the image forming apparatus 17 a includes a controlpart 171 a, an operation part 172 a, a storage part 173 a, and acommunication part 176 a. The control part 171 a is for executing orcontrolling the processes of the image forming apparatus 17 a forachieving, for example, a printing function, a scanning function, and acopying function. The operation part 172 a is for operating the imageforming apparatus 17 a (e.g. a ten-key, a control panel). The memorypart 173 a is for storing, for example, setting values (parameters) ofthe image forming apparatus 17 a. The communication part 176 a is forcommunicating with the operation terminal 21.

The operation terminal 21 includes, for example, a computer having acontrol part 211, a communication part 212, a storage part 213, adisplay part 214, and an operation part 215. The control part 211 is forexecuting or controlling the processes of the operation terminal 21 forachieving various functions of the operation terminal 21. Thecommunication part 212 is for communicating between the image formingapparatus 17 a, the IC card reader 174 a, and other various apparatusesconnected to the network.

The storage part 213 is for storing, for example, setting values(parameters) of the operation terminal 21 and temporarily storing, forexample, calculation values resulting from processes executed by thecontrol part 211. The storage part 213 may periodically transmit itsstored data (e.g. data regarding the settings of the image formingapparatus management system 20, user identification data including ICcard identification data and user ID data, use restriction datacorresponding to user identification data, history data indicating thehistory of the user who has used the image forming apparatus 17 a) tothe management server 11 in preparation for a case where the operationterminal 21 becomes unable to communicate with the management server 11and the print server 16.

The display part 214 is for displaying, for example, results of theprocesses executed by the operation terminal 21 and the current statusof the image forming apparatus 17 a. More specifically, the display part214 may be a liquid crystal display connected to an outer part of theoperation terminal 21. The operation part 215 is for operating theoperation terminal 21. More specifically, the operation part 214 may bea keyboard or a mouse connected to an outer part of the operationterminal 21. Since the IC card reader 174 a has substantially the samefunctions as those of the IC card reader described in the firstembodiment of the present invention, further description thereof isomitted.

Next, a user authentication process according to the second embodimentof the present invention is described. First, the IC card reader 174 aobtains IC card identification data stored in the IC card of the user.Then, the control part 211 of the operation terminal 21 obtains the ICcard identification data from the IC card reader 174 a. Then, thecontrol part 211 transmits the obtained IC card identification data tothe management server 11 via the communication part 212. The managementserver 11 obtains IC card identification data 121 (see FIG. 3) matchingthe transmitted IC card identification data in the user data storagepart 120, extracts user ID data 122 corresponding to the obtained ICcard identification data from the user data storage part 120, andacquires use restriction data 123 corresponding to the extracted user IDdata.

Then, the management server 11 transmits the acquired use restrictiondata 123 to the operation terminal 21 via the communication part 114.The operation terminal 21 obtains use restriction data via thecommunication part 212 and controls the image forming apparatus 17 aaccording to the obtained use restriction data.

In the image forming apparatus management system 20 according to thesecond embodiment of the present invention, management of the imageforming apparatus 17 a is executed by the management server 11 and theoperation terminal 21 used for operating the image forming apparatus 17a.

It is to be noted that an application(s) for executing the functions ofthe data format conversion part 175, the process history storage part177, the personal data storage part 178, and the password generationpart 179 described in the first embodiment of the present invention maybe recorded in a recording medium (computer-readable recording medium)readable for the operation terminal 21. In such a case, the operationterminal 21 may be provided with a recording medium reading part (notshown) for reading the applications from the recording medium andexecuting the functions recorded in the recording medium. Accordingly,the operation terminal 21 may control the image forming apparatus 17 a,to thereby execute the functions of the data format conversion part 175,the process history storage part 177, the personal data storage part178, and the password generation part 179 in correspondence with thefunctions of the image forming apparatus 17 a.

Third Embodiment

Next, an image forming apparatus management system according to a thirdembodiment of the present invention is described with reference to FIG.10. FIG. 10 is a schematic diagram showing an image forming apparatusmanagement system 30 according to the third embodiment of the presentinvention. In the image forming apparatus management system of the thirdembodiment shown in FIG. 10, like components are denoted with likenumerals as of the image forming apparatus management system of thefirst and second embodiments shown in FIGS. 1 and 8 and are not furtherexplained.

In the image forming apparatus management system 30 of the thirdembodiment, the parts included in the image forming apparatus 17 of thefirst embodiment of the present invention are provided as a laserprinter 17 b (image forming apparatus), a control terminal 31 forcontrolling the laser printer 17 b, a setting terminal 32 for applyingvarious settings to the control terminal 31, and an IC card reader 174 bconnected to an outer part of the control terminal 31. FIG. 11 is aschematic diagram for describing the configurations of the laser printer17 b, the control terminal 31, the setting terminal 32, and the IC cardreader 174 b according to an embodiment of the present invention.

The laser printer 17 b is an image forming apparatus having a printingfunction. The control terminal 31 includes a control part 311, acommunication part 312, a display part 313, and a storage part 314. Thecontrol part 311 is for executing and controlling processes forachieving the functions of the control terminal 31. The communicationpart 312 is for communication with various apparatuses included in theimage forming apparatus management system 30 and the laser printer 17 b.The display part 313 is for displaying, for example, the current statusof the image forming apparatus management system 30 and thecommunication status between the control terminal 31 and variousapparatuses included in the image forming apparatus management system30.

The display part 313 includes a combination of three light emittingdevices, that is, three LEDs (Light Emitting Diode). This combination ofLEDs is used for indicating the statuses of the image forming apparatusmanagement system 30 and various apparatuses included in the imageforming apparatus management system 30 to the user. For example, theLEDs may indicate the status (system status) of the image formingapparatus management system 30, the communication status of the controlterminal 31 with respect to the management server 31 and the printserver 16, the status (apparatus status) of the management server 11,and the status (apparatus status) of the print server 16. The manner inwhich the statuses are indicated is described in detail below.

The storage part 314 is for storing, for example, setting values(parameters) set to the control terminal 31. The storage part 314 mayalso periodically transmit its stored data (e.g. data regarding thesettings of the image forming apparatus management system 30, useridentification data including IC card identification data and user IDdata, use restriction data corresponding to user identification data,history data indicating the history of the user who has used the laserprinter 17 b) to the management server 11 in preparation for a casewhere the control terminal 31 becomes unable to communicate with themanagement server 11 and the print server 16.

The IC card reader 174 b, which has substantially the same functions asthe IC card reader 174 a of the second embodiment, is connected to thecontrol terminal 31 with, for example, USB. The setting terminal 32 isfor applying various settings to the control terminal 31. The settingterminal may be, for example, a computer. The setting terminal 32 isconnected to the control terminal 31 with, for example, a crossingcable.

Next, a user authentication process according to the third embodiment ofthe present invention is described. First, the IC card reader 174 bobtains IC card identification data stored in the IC card of the user.Then, the control part 311 of the control terminal 31 obtains the ICcard identification data from the IC card reader 174 b. Then, thecontrol part 311 transmits the obtained IC card identification data tothe management server 11 via the communication part 312. The managementserver 11 obtains IC card identification data 121 (see FIG. 3) matchingthe transmitted IC card identification data in the user data storagepart 120, extracts user ID data 122 corresponding to the obtained ICcard identification data from the user data storage part 120, andacquires use restriction data 123 corresponding to the extracted user IDdata 122.

Then, the management server 11 transmits the acquired use restrictiondata 123 to the control terminal 31 via the communication part 114. Thecontrol terminal 31 obtains use restriction data 123 via thecommunication part 312 and controls the laser printer 17 b according tothe obtained use restriction data 123.

In a case where an authenticated user is restricted from using the laserprinter 17 b according to the use restriction data, the control part 311locks or keeps an operation key(s) of the laser printer 17 b in a lockedstate such that the operation key(s) cannot be operated by the user(hard key lock state). In a case where an authenticated user is allowedto use the laser printer 17 b, the control part 311 releases the hardkey lock state of the operation key(s), to thereby allow the user tooperate the operation key(s) of the laser printer 17 b.

In the image forming apparatus management system 30 according to thethird embodiment of the present invention, management of the laserprinter (image forming apparatus) 17 b is executed by the managementserver 11 and the control terminal 31. Accordingly, with the imageforming apparatus management system 30 according to the third embodimentof the present invention, the above-described management of imageforming apparatuses can be achieved without having to prepare expensiveimage forming apparatuses but with less expensive image formingapparatuses such as a commonly available laser printer.

Next, a display method executed by the display part 313 according to anembodiment of the present invention is described with reference to FIGS.12A-12M and 13A-13D.

FIGS. 12A-12M are schematic diagrams for describing a display methodexecuted by the display part 313 in a case of displaying the status ofthe image forming apparatus management system 30. FIGS. 13A-13D areschematic diagrams for describing a display method executed by thedisplay part 313 for displaying the status of a second print server in acase where plural printer servers 16 are connected. The horizontaldirection of FIGS. 12A-12M and 13A-13D indicates the elapsing of time,in which one box is equivalent to one second. In FIGS. 12A-12M and13A-13D, a shift of one box to the right side in the display part 313indicates a status after one second has elapsed.

The display part 313 of the control terminal 31 includes LED1, LED2, andLED3 which correspond to three colors of green, red, and yellow,respectively. In this example, LED1 is a green LED for indicating thepower status of the control terminal 31. The LED1 is lit when the powerof the control terminal 31 is switched ON. The LED2 is a red LED formainly indicating the apparatus status of the control terminal 31. TheLED3 is a yellow LED for mainly indicating the apparatus status of themanagement server 11 and the print server 16 as well as thecommunication status of the control terminal 31 with respect to themanagement server 11 and the print server 16. Next, the manner in whichthe LED2 and LED3 is lit are described with reference to FIGS. 12A-12M.

FIG. 12A shows the display part 313 indicating that the communicationstatus for a service inside the control terminal 31 is abnormal. In thisexample, the service inside the control terminal 31 istransmission/reception of data inside the control terminal 31. In a casewhere the communication status of the service inside the controlterminal 31 is abnormal, the LED2 of the display part 313 blinks onceevery five seconds. That is, after the LED2 is lit for one second, thereis an intermission of four seconds where none of the LEDs are lit. Then,after the lapse of four seconds, the LED2 is lit again for one second.In this manner, the display part 313 reports the communicationabnormality of the service inside the control terminal 31 to the user.

FIG. 12B shows the display part 313 indicating a disk capacity warningof the local disk of the control terminal 31. In a case where theremaining data capacity of the control terminal 31 becomes less than apredetermined capacity, the LED2 blinks every other second for twotimes. Then, there is an intermission of four seconds where none of theLEDs are lit. Then, after the lapse of four seconds, the LED2 is blinksevery other second for two times. In this manner, the display part 313reports the disk capacity warning of the local disk of the controlterminal 31 to the user.

FIG. 12C shows the display part 313 indicating that the apparatus statusof the IC card reader 174 b is abnormal. In this case, the LED2 blinksevery other second for three times. Then, there is an intermission offour seconds where none of the LEDs are lit. Then, after the lapse offour seconds, the LED2 is blinks every other second for three times. Inthis manner, the display part 313 reports the apparatus abnormality ofthe IC card reader 174 b to the user.

FIG. 12D shows the display part 313 indicating that the device status ofthe control terminal 31 is abnormal. In this example, abnormality in thedevice status of the control terminal 313 is malfunction of the controlterminal 31 (e.g. unable to perform data communication). In this case,the LED3 blinks once every five seconds. That is, after the LED3 is liton for one second, there is an intermission of four seconds where noneof the LEDs are lit. In this manner, the display part 313 reports thedevice abnormality of the control terminal 31 to the user.

FIG. 12E shows the display part 313 indicating that the communicationstatus with respect to the print server 16 is abnormal. In this case,the LED3 blinks every other second for two times. Then, there is anintermission of four seconds where none of the LEDs are lit. Then, afterthe lapse of four seconds, the LED3 is blinks every other second for twotimes. In this manner, the display part 313 reports the abnormalcommunication between the control terminal 31 and the print server 16 tothe user.

FIG. 12F shows the display part 313 indicating that the communicationstatus with respect to the management server 11 is abnormal. In thiscase, the LED3 blinks every other second for three times. Then, there isan intermission of four seconds where none of the LEDs are lit. Then,after the lapse of four seconds, the LED3 is blinks every other secondfor three times. In this manner, the display part 313 reports theabnormal communication between the control terminal 31 and themanagement server 11 to the user.

FIG. 12G shows the display part 313 indicating that there is an internalerror of the control terminal 31. In this example, internal error is acase where the control terminal 31 is, for some reason, unable toexecute a process to be executed inside the control terminal 31. In thiscase, the LED2 and the LED3 blink at the same timing every other second.In this manner, the display part 313 reports the internal error of thecontrol terminal 31 to the user.

FIG. 12H shows the display part 313 indicating that the communicationstatus for a service inside the print server 16 is abnormal. In thiscase, the LED3 of the display part 313 blinks once every other secondfor four times. Then, there is an intermission of four seconds wherenone of the LEDs are lit. Then, after the lapse of four seconds, theLED3 blinks once every other second for four times. In this manner, thedisplay part 313 reports the communication abnormality of the serviceinside the print server 16 to the user.

FIG. 12I shows the display part 313 indicating a disk capacity warningof the print server 16. In a case where the remaining data capacity ofthe print server 16 becomes less than a predetermined capacity, the LED3blinks every other second for five times. Then, there is an intermissionof four seconds where none of the LEDs are lit. Then, after the lapse offour seconds, the LED3 blinks every other second for five times. In thismanner, the display part 313 reports the disk capacity warning of theprint server 16 to the user.

FIG. 12J shows the display part 313 indicating a database capacitywarning of the print server 16. In this example, the database of theprint server 16 is a data storage area in the printer server 16 wherevarious data are stored. In a case where the remaining data capacity ofthe database of the print server 16 becomes less than a predeterminedcapacity, the LED3 blinks every other second for six times. Then, thereis an intermission of four seconds where none of the LEDs are lit. Then,after the lapse of four seconds, the LED3 blinks every other second forsix times. In this manner, the display part 313 reports the databasecapacity warning of the print server 16 to the user.

FIG. 12K shows the display part 313 indicating that the communicationstatus for a service inside the management server 11 is abnormal. Inthis case, the LED3 of the display part 313 blinks once every othersecond for seven times. Then, there is an intermission of four secondswhere none of the LEDs are lit. Then, after the lapse of four seconds,the LED3 blinks once every other second for seven times. In this manner,the display part 313 reports the communication abnormality of theservice inside the management server 11 to the user.

FIG. 12L shows the display part 313 indicating a disk capacity warningof the management server 11. In a case where the remaining data capacityof the management server 11 becomes less than a predetermined capacity,the LED3 blinks every other second for eight times. Then, there is anintermission of four seconds where none of the LEDs are lit. Then, afterthe lapse of four seconds, the LED3 blinks every other second for eighttimes. In this manner, the display part 313 reports the disk capacitywarning of the management server 11 to the user.

FIG. 12M shows the display part 313 indicating a database capacitywarning of the management server 11. In this example, the database ofthe management server 11 is a data storage area in the management server11 where various data are stored. In a case where the remaining datacapacity of the database of the management server 11 becomes less than apredetermined capacity, the LED3 blinks every other second for ninetimes. Then, there is an intermission of four seconds where none of theLEDs are lit. Then, after the lapse of four seconds, the LED3 blinksevery other second for nine times. In this manner, the display part 313reports the database capacity warning of the management server 11 to theuser.

Accordingly, with the display part 313 of the control terminal 31, theapparatus status of the control terminal 31, the management server 11,and the print server 16 as well as the communication status of thecontrol terminal 31 with respect to the management server 11 and theprint server 16 can be viewed by the user.

The image forming apparatus management system 30 according to anembodiment of the present invention may be provided with plural printservers 16. Next, the manner in which an LED2 and an LED3 of a secondprint server 16′ (not shown) is lit is described with reference to FIGS.13A-13D. In FIGS. 13A-13D, the mark “!” indicates that the period inwhich the LED is lit is shorter than one second. For example, “!”indicates that an LED blinks twice with an interval shorter than onesecond.

FIG. 13A shows the display part 313 indicating that the communicationstatus between the second print server 16′ and the control terminal 31is abnormal. In this case, the LED3 of the display part 313 blinks everyother second for two times. Then, during a period of four seconds, theLED3 blinks twice with an interval shorter than one second. Then, afterthe lapse of four seconds, the LED3 blinks once every other second fortwo times. In this manner, the display part 313 reports thecommunication abnormality between the second print server 16′ and thecontrol terminal 31 to the user.

FIG. 13B shows the display part 313 indicating that the communicationstatus for a service inside the second print server 16′ is abnormal. Inthis case, the LED3 of the display part 313 blinks once every othersecond for four times. Then, during a period of four seconds, the LED3blinks twice with an interval shorter than one second. Then, after theperiod of four seconds, the LED3 blinks once every other second for fourtimes. In this manner, the display part 313 reports the communicationabnormality of the service inside the second print server 16′ to theuser.

FIG. 13C shows the display part 313 indicating a disk capacity warningof the second print server 16′. In a case where the remaining datacapacity of the second print server 16′ becomes less than apredetermined capacity, the LED3 blinks every other second for fivetimes. Then, during a period of four seconds, the LED3 blinks twice withan interval shorter than one second. Then, after the period of fourseconds, the LED3 blinks once every other second for five times. In thismanner, the display part 313 reports the disk capacity warning of thesecond print server 16′ to the user.

FIG. 13D shows the display part 313 indicating a database capacitywarning of the second print server 16′. In this example, the database ofthe second print server 16′ is a data storage area in the second printserver 16′ where various data are stored. In a case where the remainingdata capacity of the database of the second print server 16′ becomesless than a predetermined capacity, the LED3 blinks every other secondfor six times. Then, during a period of four seconds, the LED3 blinkstwice with an interval shorter than one second. Then, after the periodof four seconds, the LED3 blinks once every other second for six times.In this manner, the display part 313 reports the database capacitywarning of the second print server 16′ to the user.

Accordingly, with the display part 313 of the control terminal 31 in acase where the control terminal 31 is connected to plural print servers,the apparatus status of the other plural print servers as well as thecommunication status of the control terminal 31 with respect to theother plural print servers can be viewed by the user.

Further, the present invention is not limited to these embodiments, butvariations and modifications may be made without departing from thescope of the present invention.

The present application is based on Japanese Priority Application No.2006-056404 filed on Mar. 2, 2006, with the Japanese Patent Office, theentire contents of which are hereby incorporated by reference.

1. (canceled)
 2. An authentication system comprising: an image formingapparatus; and a management apparatus; wherein a user informationstorage unit included in the management apparatus is configured to storea first user information to be used for user authentication, wherein auser information acquiring unit included in the image forming apparatusis configured to acquire authentication information that is inputaccording to a user operation, wherein an authentication informationreceiving unit included in the management apparatus is configured toreceive the authentication information that is input from the imageforming apparatus, wherein a determining unit included in the managementapparatus is configured to determine whether the user authenticationbased on the authentication information, is to be performed by using anexternal authentication apparatus, wherein in a case where the userauthentication is determined to be performed by using the externalauthentication apparatus, a first acquiring unit included in themanagement apparatus is configured to acquire a result of the userauthentication based on a second user information stored in the externalauthentication apparatus connected to the management apparatus via anetwork, and wherein a second acquiring unit included in the managementapparatus is configured to perform the user authentication based on thefirst user information stored in the user information storage unit in acase where the user authentication is determined not to be performed byusing the external authentication apparatus, and acquire a result of theuser authentication.
 3. The authentication system as claimed in claim 2,wherein the external authentication apparatus is an Active Directoryserver.
 4. The authentication system as claimed in claim 2, wherein thedetermining unit is configured to determine whether the userauthentication is to be performed by using the external authenticationapparatus or by the management apparatus without using the externalauthentication apparatus based on a setting of whether to use theexternal authentication apparatus for the user authentication.
 5. Theauthentication system as claimed in claim 2, wherein a transmission unitincluded in the management unit is configured to acquire use restrictioninformation pertaining to a function of the image forming apparatus thatthe user can use in a case where the user authentication is a success,and transmit the use restriction information, wherein a control partincluded in the image forming apparatus is configured to control thefunction of the image forming apparatus that the user can use based onthe use restriction data transmitted from the transmission unit, whereinthe user information storage unit is configured to store the userestriction information pertaining to the function of the image formingapparatus that the user can use, and wherein the transmission unit isconfigured to transmit the use restriction information acquired from theuser information storage unit to the image forming apparatus.
 6. Theauthentication system as claimed in claim 2, wherein the authenticationinformation includes a card ID that is read from an IC card, and whereinthe user authentication is a process to confirm whether a user IDcorresponding to the card ID exists.
 7. The authentication system asclaimed in claim 4, wherein the authentication information includes acard ID that is read from an IC card, and wherein the userauthentication is a process to confirm whether a user ID correspondingto the card ID exists.
 8. A method for authenticating a user that usesan image forming apparatus, the method being performed by a managementapparatus connected to the image forming apparatus via a network, themethod comprising: storing a first user information to be used for userauthentication; receiving authentication information from the imageforming apparatus, the authentication information being input to theimage forming apparatus according to a user operation; determiningwhether the user authentication based on the authentication information,is to be performed by using an external authentication apparatus;acquiring a result of the user authentication based on a second userinformation stored in the external authentication apparatus connected tothe management apparatus via the network in a case where the userauthentication is determined to be performed by using the externalauthentication apparatus; and performing the user authentication basedon the first user information stored in the management apparatus in acase where the user authentication is determined not to be performed byusing the external authentication apparatus, and acquiring a result ofthe user authentication.
 9. The method as claimed in claim 8, whereinthe external authentication apparatus is an Active Directory serverconnected to the management apparatus that performs the method.
 10. Themethod as claimed in claim 8, further comprising: determining whetherthe user authentication is to be performed by using the externalauthentication apparatus or by the management apparatus without usingthe external authentication apparatus based on a setting of whether touse the external authentication apparatus for the user authentication.11. The method as claimed in claim 8, further comprising: storing userestriction information pertaining to a function of the image formingapparatus that the user can use; acquiring the stored use restrictioninformation in a case where the user authentication is a success, andtransmitting the use restriction information; and controlling thefunction of the image forming apparatus that the user can use based onthe transmitted use restriction data.
 12. The method as claimed in claim8, wherein the authentication information includes a card ID that isread from an IC card, and wherein the user authentication is a processto confirm whether a user ID corresponding to the card ID exists. 13.The method as claimed in claim 10, wherein the authenticationinformation includes a card ID that is read from an IC card, and whereinthe user authentication is a process to confirm whether a user IDcorresponding to the card ID exists.
 14. A management apparatus forperforming a user authentication, the management apparatus comprising: acommunication unit configured to communicate with an image formingapparatus that requests for the user authentication, the image formingapparatus communicating with the communication unit via a network; auser information storage unit configured to store a first userinformation to be used for the user authentication; an authenticationinformation receiving unit configured to receive authenticationinformation from the image forming apparatus, the authenticationinformation being input to the image forming apparatus according to auser operation; a determining unit configured to determine whether theuser authentication based on the authentication information, is to beperformed by using an external authentication apparatus; a firstacquiring unit configured to acquire a result of the user authenticationbased on a second user information stored in the external authenticationapparatus connected to the management apparatus via a network in a casewhere the user authentication is determined to be performed by using theexternal authentication apparatus; and a second acquiring unit includedin the management apparatus is configured to perform the userauthentication based on the first user information stored in the userinformation storage unit in a case where the user authentication isdetermined not to be performed by using the external authenticationapparatus, and acquire a result of the user authentication.
 15. Themanagement apparatus as claimed in claim 14, wherein the externalauthentication apparatus is an Active Directory server.
 16. Themanagement apparatus as claimed in claim 14, wherein the determiningunit is configured to determine whether the user authentication is to beperformed by using the external authentication apparatus or by themanagement apparatus without using the external authentication apparatusbased on a setting of whether to use the external authenticationapparatus for the user authentication.
 17. The management apparatus asclaimed in claim 14, further comprising: a transmission unit configuredto acquire use restriction information pertaining to a function of theimage forming apparatus that the user can use in a case where the userauthentication is a success, and transmit the use restrictioninformation, wherein the user information storage unit is configured tostore the use restriction information pertaining to the function of theimage forming apparatus that the user can use, and wherein thetransmission unit is configured to transmit the use restrictioninformation acquired from the user information storage unit to the imageforming apparatus.
 18. The management apparatus as claimed in claim 14,wherein the authentication information includes a card ID that is readfrom an IC card, and wherein the user authentication is a process toconfirm whether a user ID corresponding to the card ID exists.
 19. Themanagement apparatus as claimed in claim 16, wherein the authenticationinformation includes a card ID that is read from an IC card, and whereinthe user authentication is a process to confirm whether a user IDcorresponding to the card ID exists.